
Mistho's Unwavering Commitment to Security and Data Privacy
Introduction
From its inception, Mistho has prioritized security and data privacy as foundational elements of its service offering. Understanding the critical nature of personal and financial information, we have designed our income and employment verification services with a core focus on safeguarding user data. This commitment is reflected in every aspect of our operations, ensuring that our customers and their data are protected by the most rigorous security standards from day one.
Adherence to GDPR
Mistho takes a unique approach in the income and employment verification industry by operating similarly to a data center provider, ensuring that control over data always remains in the hands of our customers. We do not act independently on any customer data; we act solely as a data processor on behalf of our clients, thereby allowing our clients to fully dictate their own data retention periods and usage strategies. This model is in stark contrast to other market players who may retain data for many years as joint data controllers, creating large data repositories in conflict with the fundamental GDPR principle of data minimization. At Mistho, we empower our customers to implement their GDPR obligations directly through our APIs, emphasizing our role as a facilitator of data protection and privacy.
ISO 27001 Compliance
In our pursuit of excellence in data security, Mistho has proactively achieved ISO 27001 certification, as accredited by the British Assessment Bureau. This certification underscores our commitment to maintaining and enhancing the confidentiality, integrity, and availability of information. We implement robust security standards and practices, including full tracking of all security efforts through Vanta and automatic testing of key controls. Mistho was the first player in the UK market to become ISO 27001 compliant, achieving this significant milestone in December 2022. To view our certification, please visit here. This structured approach ensures that our security measures are comprehensive and up to date, safeguarding client data against emerging threats.
Session-Based Verification Approach
Mistho employs a session-based verification approach, characterized by a one-time data sharing process that does not involve continuous updates or storage. This method ensures that user credentials are fully encrypted and never stored, thereby protecting data integrity and providing strong comfort to end-users. Each session is treated as an isolated instance, with no subsequent data retention or reuse, emphasizing our commitment to data privacy and minimizing the potential for unauthorized access or data breaches.
Summary
Mistho's security approach for income and employment verification services is built on a foundation of stringent data protection standards and advanced security measures. By operating similarly to a data center provider and adhering strictly to GDPR, we ensure that all data processing activities are controlled by our clients, fostering robust data protection practices. Our certification in ISO 27001 and the adoption of a session-based verification process, with its one-time data sharing mechanism, underscore our commitment to safeguarding data confidentiality, integrity, and availability. Through these efforts, Mistho ensures that all data is securely managed, providing clients with a reliable and compliant verification service.
Any commentary produced by Mistho is for general information only and is not legal or other advice upon which reliance can or should be placed. Opinions expressed may change and there is no guarantee that the commentary is or will remain accurate, complete and up to date. To the extent permitted, Mistho disclaims all liability arising from any reliance placed on the commentary, including for actions taken or not taken based on it.

